Re: IPFilter 4.1.13 on Solaris 8 ... What am I missing? ... Getting closer
(IPFilter forums, System Security and Security Related category)
Darren, thanks for your response.
>boxyzzy@netscape.net wrote:
>> ...
>> Refer to ipstat display below.
>> The packets are blocked as described above with or w/o statements 46,
>> 47, 48. Statements 40-48 were my
>> attempt to say, "Pass in ANY packet from these trusted hosts,
>> regardless of the flag being set."
>> ...
>> @46 pass in quick proto tcp from 123.456.70.0/26 to any flags FSRPAU/FSRPAU keep state keep frags
>> @47 pass in quick proto tcp from 123.456.70.64/27 to any flags FSRPAU/FSRPAU keep state keep frags
>> @48 pass in quick proto tcp from 123.456.70.96/28 to any flags FSRPAU/FSRPAU keep state keep frags
>
>What you have said is match only packets with all of the flags
>FIN, SYN, RST, PSH, ACK and URG set.
>
>Or in other words, those rules will never match a packet :)

Oh, I see. Thanks for correcting my inverted logic.

>To match all packets, regardless of flags, do not specify the "flags
>X/Y" in the rule.

Statements 46, 47, 48 were an attempt (though wrong) to address the same test scenario where the block occurred exactly as described (... tcp ... -R IN) with statements 40, 42, 44 w/o "flags X/Y" in the rules:

@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags
@42 pass in quick proto tcp from 123.456.70.64/27 to any keep state keep frags
@44 pass in quick proto tcp from 123.456.70.96/28 to any keep state keep frags

Also, previous tests have resulted in "... tcp ... -AF IN" blocks occurring. Again, I never want my trusted hosts to be blocked from each other for any reason unless I explicitly set a rule to do so. How do I accomplish this?

Charles
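The flag-matching point Darren makes above, worked through in code. This is an added example for readers of the thread, not IPFilter's own code and not anything Charles or Darren posted: it models a rule's `flags X/Y` clause as "(packet flags AND Y) == X" and a rule with no `flags` clause as matching any flag combination, then runs the poster's @46 and @40 rules (placeholder 123.456.70.0/26 address kept) against packets whose flags are written with the letters ipmon prints after `-` in its log records (`-R IN`, `-AF IN`). Assumptions: the bit values in `FLAG_BITS` are arbitrary, the ipmon log line is constructed rather than taken from the thread (whose excerpt is elided), all rules are treated as `quick` with identical addresses so only the flags decide, and a bare `flags X` without a mask is deliberately rejected because its implied mask is version-dependent.

```python
"""
Model of IPFilter's TCP ``flags X/Y`` matching (added example, not IPFilter code).

Semantics modelled: a rule carrying ``flags X/Y`` matches a TCP packet only when
(packet_flags & Y) == X; a rule with no ``flags`` clause matches every flag
combination.  Packet flags use the letters ipmon prints after '-' in its log.
"""
import re

# Arbitrary bit assignment for the six flag letters ipf and ipmon use (assumption).
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}

# Rules quoted from the thread, tags kept so first_match() can report them.
RULES = [
    "@46 pass in quick proto tcp from 123.456.70.0/26 to any flags FSRPAU/FSRPAU keep state keep frags",
    "@40 pass in quick proto tcp from 123.456.70.0/26 to any keep state keep frags",
]

# Constructed ipmon-style block record (not from the thread): the blocked packet had only RST set.
LOG_LINE = ("01/01/2006 10:11:12.345678 hme0 @0:99 b 123.456.70.70,1234 -> "
            "123.456.70.5,22 PR tcp len 20 40 -R IN")


def flags_to_int(letters):
    """Convert a flag string such as 'SA' to its bitmask; unknown letters are an error."""
    bits = 0
    for ch in letters:
        if ch not in FLAG_BITS:
            raise ValueError(f"unknown TCP flag letter {ch!r}")
        bits |= FLAG_BITS[ch]
    return bits


def parse_flags_clause(rule):
    """Return (match, mask) for an explicit 'flags X/Y' clause, or None if the rule
    has no flags clause.  A bare 'flags X' is rejected rather than guessed: its
    implied mask depends on the IPFilter version, so consult ipf.conf(5)."""
    m = re.search(r"\bflags\s+([FSRPAU]+)(?:/([FSRPAU]+))?", rule)
    if m is None:
        return None
    if m.group(2) is None:
        raise NotImplementedError("bare 'flags X' not modelled; write flags X/Y explicitly")
    return flags_to_int(m.group(1)), flags_to_int(m.group(2))


def rule_matches_flags(rule, packet_flags):
    """Does the rule's flags clause accept a packet whose TCP flags are packet_flags?"""
    clause = parse_flags_clause(rule)
    if clause is None:
        return True                      # no flags clause: any flag combination matches
    want, mask = clause
    return (flags_to_int(packet_flags) & mask) == want


def first_match(rules, packet_flags):
    """Tag of the first rule whose flags accept the packet (rules assumed 'quick',
    same source/destination, so only the flags clause decides)."""
    for rule in rules:
        if rule_matches_flags(rule, packet_flags):
            return rule.split()[0]
    return None


def packet_flags_from_ipmon(line):
    """Pull the flag letters out of an ipmon record, e.g. '... -R IN' -> 'R'."""
    m = re.search(r"\s-([FSRPAU]+)\s(?:IN|OUT)\b", line)
    return m.group(1) if m else ""


if __name__ == "__main__":
    for pf in ("S", "SA", "AF", "R", "FSRPAU"):
        print(f"{pf:>7}: @46 {rule_matches_flags(RULES[0], pf)!s:5}  "
              f"@40 {rule_matches_flags(RULES[1], pf)}")
    blocked = packet_flags_from_ipmon(LOG_LINE)
    print("logged packet flags:", blocked, "-> first matching rule:", first_match(RULES, blocked))
```

Running it shows @46 rejecting every ordinary packet (SYN, SYN/ACK, ACK/FIN, RST) and accepting only the impossible all-six-flags packet, while @40, with no flags clause, accepts all of them; the ipmon `-R` and `-AF` records from the thread are exactly the flag combinations @46 could never pass.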